Bug 38557 – Administrator can't override Domain lockout

Bug 38557 - Administrator can't override Domain lockout


Summary:	Administrator can't override Domain lockout

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	S4 Connector
Version:	UCS 4.0
Hardware:	Other Linux

Importance:	P5 critical (vote)
Target Milestone:	UCS 4.0-2-errata
Assigned To:	Stefan Gohmann
QA Contact:	Arvid Requate

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2015-05-19 01:26 CEST by Kevin Dominik Korte
Modified:	2015-05-28 16:50 CEST (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
reset_lockout_values.patch (1.35 KB, patch) 2015-05-19 06:19 CEST, Stefan Gohmann	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kevin Dominik Korte

2015-05-19 01:26:16 CEST

If the user is logged out of a Windows Workstation, because the domain logout policy was set in Samba 4, the administrator is unable to disable the logout from the UMC. Even setting a new password does not resolve the issue.

Thus the Customer has no other chance then to wait for the logout to timeout. Expected would be that, if a new password is set via the UMC, the logout is disabled by the S4 connector.

Critical as it severely hampers Operations, when users have to wait for the timeout.

Expected would be: user goes to helpdesk, helpdesk sets new password, user can login with the new password.

Comment 1 Kevin Dominik Korte

2015-05-19 01:52:53 CEST

Frustratingly even the with the samba-tool user enable the logout can't be disabled.

Comment 2 Stefan Gohmann

2015-05-19 06:19:27 CEST

Created attachment 6910 [details]
reset_lockout_values.patch

Comment 3 Stefan Gohmann

2015-05-19 06:20:08 CEST

(In reply to Stefan Gohmann from comment #2)
> Created attachment 6910 [details]
> reset_lockout_values.patch

This patch resets the lockout values.

Comment 4 Stefan Gohmann

2015-05-28 10:57:59 CEST

I've applied the patch: r60901
YAML: r60902

Comment 5 Arvid Requate

2015-05-28 14:55:33 CEST

Patch is in the built code, works and advisory is ok.

Comment 6 Janek Walkenhorst

2015-05-28 16:50:31 CEST

<http://errata.univention.de/ucs/4.0/204.html>